Privacy Policy

2.1 Information You Provide

• Account Information: Name, email address, password, business name, and role when you create an account.
• Billing Information: Payment card details are collected and processed directly by our PCI-compliant payment processor. We do not store your full card number, CVV, or expiry date on our servers. We retain only a tokenized reference for recurring billing.
• Business Data: Employee names, schedules, time entries, timesheets, and other workforce management data you enter into the Service.

2.2 Information Collected Automatically

• Device & Browser Information: IP address, browser type, operating system, and device identifiers.
• Usage Data: Pages viewed, features used, timestamps, and interaction patterns.
• Location Data: GPS coordinates collected during clock-in/clock-out events when GPS verification is enabled by the business administrator. Location data is collected only during clock events, not continuously.
• Photo Data: Selfie photos captured during clock-in events when photo verification is enabled by the business administrator.

• Provide the Service: Process time entries, generate timesheets, manage schedules, and administer your account.
• Billing: Process subscription payments, send invoices, and manage your billing cycle.
• Communication: Send account-related notifications, billing receipts, and important service updates.
• Security: Detect and prevent fraud, unauthorized access, and abuse of the Service.
• Improvement: Analyze usage patterns to improve features, performance, and user experience.
• Legal Compliance: Comply with applicable laws, regulations, and legal processes.

GPS location data and photo verification data are sensitive categories that receive additional protections:

• These features are opt-in and must be explicitly enabled by the business administrator.
• GPS data is collected only at the moment of clock-in/clock-out, not continuously or in the background.
• Photo data is used solely for identity verification during clock events.
• Business administrators are responsible for informing their employees about the use of these features and obtaining any required consents under applicable laws.
• This data is stored securely and is accessible only to authorized business administrators.

We do not sell your personal information. We may share data in the following circumstances:

• Service Providers: We use third-party infrastructure and service providers for database hosting, payment processing, and other operational needs. These providers process data on our behalf under strict confidentiality agreements and are contractually obligated to protect your information.
• Third-Party Integrations: If you choose to connect third-party services (such as accounting software), data necessary for that integration may be shared with the connected service in accordance with their own privacy policies. You control which integrations are enabled.
• Business Administrators: Employee data (time entries, GPS, photos) is accessible to authorized administrators within the employee's business.
• Agency Accounts: Agency/CPA account holders can view data for client businesses they manage.
• Legal Requirements: We may disclose information if required by law, subpoena, court order, or government request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

• Encryption in transit (TLS/SSL) and at rest
• Row-level security (RLS) ensuring multi-tenant data isolation
• Secure authentication with hashed passwords
• PCI-compliant payment processing through our certified payment processor (we never handle raw card data)
• Regular security reviews and access controls

No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.

• Account Data: Retained for the duration of your account and for a reasonable period after closure for legal and business purposes.
• Time & Attendance Records: Retained in accordance with applicable labor law record-keeping requirements (typically 3–7 years depending on jurisdiction).
• Billing Records: Retained as required by tax and accounting regulations.
• GPS & Photo Data: Retained for the duration specified by the business administrator or as required by law.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Data Portability: Request your data in a commonly used, machine-readable format.
• Opt-Out: Opt out of non-essential communications.

To exercise these rights, contact us at support@clockdeck.com.

If you have questions or concerns about this Privacy Policy, contact us at:

Clock Deck LLC
Email: support@clockdeck.com